A recently disclosed vulnerability in WordPress has come to light after being unintentionally revealed by a third party. The issue could allow users with Author-level or higher permissions to access certain sensitive information, but it cannot be exploited by visitors without elevated privileges. At the moment there is no confirmed patch available, though some security researchers (like patchstack) report that the WordPress team is investigating the matter. Because the vulnerability requires already-privileged access, the overall risk to most WordPress websites is considered low.
We recommend to keep an eye out for WordPress core updates, as we expect this vulnerability to be patched within a few days.